Sunday, July 22, 2012

Some of the Security ACLs

  • Standard IP ACLs – use the source IP address for matching operations.
  • Extended ACLs – use a combination of source and destination IP addresses and optional protocol-type information for matching operations.
  • Turbo ACLs – create a set of data tables and compile them into fast lookup tables, allowing very large filter lists to be used without an increase in packet latency.
  • Named ACLs – identify IP ACLs with an alphanumeric string rather than a number and enable you to configure more than 99 standard IP ACLs in a router.
  • Timed ACLs – an extended IP ACL that becomes active only during a specified time period. The time range may be periodic (such as every Monday at 2 a.m.) or absolute (active only once, at a particular date and time).
  • Established ACLs – inbound TCP traffic is limited to return traffic from TCP sessions initiated from inside the network. No inbound TCP sessions are accepted unless they are explicitly allowed by an inbound ACL on the outside interface. This firewall action applies only to TCP sessions; it does not support UDP sessions.
  • Reflexive ACLs – work similarly to Established ACLs but support firewalling both TCP and UDP sessions. Reflexive ACLs require the use of both inbound and outbound ACLs.
  • Lock and Key – typically used to permit inbound or outbound access to a resource only when the dynamic ACLs are activated (unlocked) by a Telnet connection (the key). Once activated, the ACL remains active until a timeout value expires.
  • Context Based Access Control (CBAC) – this ACL represents a true firewall and is only available on Cisco routers that have the advanced Firewall IOS feature set. It protects UDP, TCP, FTP, HTTP and other session types, and also provides protection from spam attacks and certain types of DoS attacks.

Best Practice On Communication

Source: http://www.secureflorida.org/bestpractices/key_components/

Here are some of the key components of good security policy.

1. Identify your risks.
Determine what your company’s most critical information assets are, and spend your time and energy protecting what is most important.

2. Get the CEO involved.
Good security has to start from the top, with executives who help create a corporate culture that values security.

3. Put someone in charge.
Security is a complex job, so make sure someone is in charge of coordinating security efforts.

4. Develop and implement a security policy.
Establish guidelines for how your company handles and protects its data — from who makes sure software patches are installed, to how employees access their e-mail on the road, to how often passwords should be changed.

5. Educate employees and raise awareness.
Make security awareness an ongoing project. Employees need to understand why their role is so critical.

6. Have a security audit done.
Hire an independent third party to evaluate your security posture, and then use the recommendations made by the auditor.

7. Incorporate physical security into the plan.
The best security technology in the world will not do any good if a well-meaning employee lets the wrong person into the server room.

8. Remember internal threats.
Most attempted hacks come from the outside, but most successful ones start with people who have inside knowledge. Have a process in place to delete user accounts when employees quit or are let go.

9. Stay tuned in.
Make sure someone keeps track of new developments in information security, including new vulnerabilities and attacks.

10. Prepare for the worst.
Create an incident response plan to help you save time in the event of a security problem. This will lay out who needs to be involved, what their jobs are, and how you will minimize the damage.

Tuesday, July 10, 2012

Access Control List (ACL) filter (command)

  • Access-list number    Identifies the access list using a number in the range 100 – 999 (extended IP ACL) or 2000 – 2699 (expanded IP ACLs)
  • Deny    Denies access if the conditions are matched
  • Permit    Permits access if the conditions are matched
  • Remark    Adds a comment to the entry, for example describing whether it allows or blocks the specified address
  • Protocol    Name or number of an internet protocol. Common keywords include icmp, ip, tcp or udp
  • Source    Number of the network or host from which the packet is being sent
  • Source-wildcard    Wildcard bits to be applied to the source
  • Destination    Number of the network or host to which the packet is being sent
  • Destination-wildcard    Wildcard bits to be applied to the destination
  • Port    The decimal number or name of a TCP or UDP port
  • Established    For the TCP protocol only; indicates an established connection
  • Operator
    • lt (less than)
    • gt (greater than)
    • eq (equal)
    • neq (not equal)
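
As an added example that is not part of the original post, the Python matcher below implements the entry syntax listed above (source and destination with wildcard bits, the lt/gt/eq/neq port operators, and the TCP-only established keyword) and evaluates packets against an ACL top-down with the implicit deny at the end; it also goes slightly beyond the table by handling standard (source-only) ACLs from the July 22 list. The Packet model and the sample entries are assumptions constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:              # constructed packet model (assumption, not from the page)
    proto: str             # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False      # ACK or RST set: return traffic of an existing session
_OPS = {"eq": lambda a, b: a == b, "neq": lambda a, b: a != b,    # the page's operators
        "lt": lambda a, b: a < b, "gt": lambda a, b: a > b}
def _ip(s): return int(ipaddress.IPv4Address(s))
def _addr_spec(tok):       # consumes 'any' or 'A.B.C.D wildcard' from the token list
    first = tok.pop(0)
    if first == "any":
        return lambda ip: True
    net, wild = _ip(first), _ip(tok.pop(0))
    return lambda ip: (_ip(ip) ^ net) & ~wild == 0   # wildcard 1-bits are "don't care"
def _port_spec(tok):       # optional 'lt|gt|eq|neq <port>' after an address spec
    if tok and tok[0] in _OPS:
        op, port = tok.pop(0), int(tok.pop(0))
        return lambda p: _OPS[op](p, port)
    return lambda p: True

def parse_ace(line):
    """Return (action, predicate) for one 'access-list N permit|deny ...' entry."""
    tok = line.split()
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    if number <= 99 or 1300 <= number <= 1999:     # standard ACL: source address only
        src = _addr_spec(rest)
        return action, lambda pk: src(pk.src)
    proto = rest.pop(0).lower()                     # extended ACL
    src, sp = _addr_spec(rest), _port_spec(rest)
    dst, dp = _addr_spec(rest), _port_spec(rest)
    est = "established" in rest                     # TCP only: needs ACK/RST set
    return action, lambda pk: ((proto == "ip" or proto == pk.proto) and src(pk.src)
                               and sp(pk.sport) and dst(pk.dst) and dp(pk.dport)
                               and (pk.ack or not est))

def evaluate(acl, pkt):    # top-down, first match wins, implicit deny at the end
    for action, matches in map(parse_ace, acl):
        if matches(pkt):
            return action
    return "deny"

# Constructed sample inbound ACL for an outside interface (not from the page).
INBOUND_101 = ["access-list 101 permit tcp any 192.168.1.0 0.0.0.255 eq 80",
               "access-list 101 permit tcp any 192.168.1.0 0.0.0.255 established",
               "access-list 101 permit icmp any any"]
```

With INBOUND_101, a new inbound TCP connection to port 80 is permitted, a return segment (ACK set) to a high port is permitted by the established entry, and the same segment without ACK, or any UDP packet, falls through to the implicit deny.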

Source: http://www.orbit-computer-solutions.com/Access-Control-Lists-%28ACL%29.php

Three port number ranges

  1. System Ports -- ranges from 0 to 1023
  2. User Ports -- ranges from 1024 to 49151
  3. Dynamic and/or Private Ports -- ranges from 49152 to 65535

Source: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Saturday, July 7, 2012

Cisco 3600 Series routers

Two more units added to my rack... Cisco 3640s, 4-slot modular chassis.

Friday, July 6, 2012

My second 2500 in the rack...

Got my second Cisco 2520 today... was surprised, NICE AND CLEAN UNIT!! My first Cisco 2500 was the 2511-RJ access server.

There is a known poor performance issue with this model, http://www.cisco.com/en/US/ts/fn/misc/fna-2196-1.html, but I received a fixed revision unit -- 800-00590-03A0.

Sunday, July 1, 2012

More cables...

Just made 4 additional crossover, 6 rollover, 4 T1 and 10 straight-thru cables. How many more do I need?

I still need some serial cables... that I don't know how to make -=8o)


What next?

Don't know... so I grab this book...
 http://www.ciscopress.com/bookstore/product.asp?isbn=1587051176
dddddiiiiiiiggggggggggggg-iiiiiiiiinnnnnnnnnnnnnnnn...................


Friday, June 29, 2012

In the beginning

Started collecting pieces for my Cisco rack about two weeks ago, June 15 to be exact. I've put in about $1000 for my Cisco home lab so far.

For my routers, I now have 2 x Cisco 3640, a Cisco 2650, a Cisco 2611, 4 x Cisco 2610. As for switches I have 3 x Cisco 3600 XL series (C3648). I also got myself a Cisco AS2511RJ to control my routers and switches from one place.

I bought a crimping tool, a wire cutter/stripper, RJ45 Cat5/5e modular plugs, 3 different colors of the snag-less boot cap ends; spent the night measuring and cutting cables -- made all my straight-thru, rollover, crossover and T1 cables I needed until 2:00 AM.

I cleared and reset all the units of the passwords and previous configurations. Now I am studying the basics and familiarizing myself with the CLI on these Cisco devices.